Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Backoff Malware Likely Cause of Suspected Home Depot Data Breach

NEWS ANALYSIS: If a data breach has actually occurred at Home Depot, which the company hasn't confirmed, it was likely caused by the Backoff malware, according to security experts.

Security experts tell eWEEK that if an ongoing investigation confirms there has been a data breach at Home Depot, it was likely caused by the rapidly spreading Backoff malware.

So far, all the company is saying is it may have been attacked but that it is still investigating whether a data breach actually took place.

"We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate," the Home Depot officials said in a statement released to the media.

"We know that this news may be concerning and we apologize for the worry this can create. If we confirm a breach has occurred, we will make sure our customers are notified immediately," the statement said.

Further reading

The company also said that it would offer free identity protection services to any affected customers and that it would make an announcement once it determines whether a breach actually occurred. One security expert told eWEEK that apparently hackers have published lists of fresh credit card numbers lately, and that when those numbers were checked, they led to Home Depot.

But there's still a big leap from a potential breach tied to credit card numbers offered for sale and confirming that Home Depot has sustained a breach. In addition, Home Depot has already begun outfitting its point-of-sale terminals with chip and PIN readers, which means that at least some customers may not be at risk if the breach took place.

Security response teams at some of the card-issuing banks have already started buying back credit card numbers believed stolen in the suspected breach at Home Depot, according to John Zurawski, vice president of marketing for Authentify.

However, he said that much of the risk could be avoided if the credit cards supported two-factor authentication. One means of providing such authentication is by issuing cards with an EMV chip that require a PIN to make purchases.

Zurawski said that credit card companies can also implement a phone-based two factor authentication now to make sure that customers are aware of suspicious purchases using their smartphones or even their landline phones. Such an authentication process, which already exists at some card companies, happens when a consumer gets a phone call to confirm a purchase in progress.

The way this works is when a credit card, or a credit card number, is being presented for purchase, the customer receives a call asking whether they're really making such a purchase, and if they are to either confirm it verbally, or to press a number key on the phone. If the purchase can't be authenticated, then it's not approved.